Aggregates CVE and security vulnerability intelligence across all kennziffer-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk sql injection, vendor risk cross-site scripting, and vendor risk path handling, with potential vendor impact data exposure across vendor surface production workloads use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2014-8874 | The ke_questionnaire extension 2.5.2 and earlier for TYPO3 uses predictable names for the questionnaire answer forms, which makes it easier for remote attackers to obtain sensitive information via a direct request. | [email protected] | 5.0 | 0.28% | 2014-12-02 | 2026-05-06 |
| CVE-2014-6293 | SQL injection vulnerability in the Statistics (ke_stats) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in February 2014. | [email protected] | 7.5 | 0.37% | 2014-10-03 | 2026-05-06 |
| CVE-2014-6235 | Unspecified vulnerability in the ke DomPDF extension before 0.0.5 for TYPO3 allows remote attackers to execute arbitrary code via unknown vectors. | [email protected] | 7.5 | 9.43% | 2014-09-11 | 2026-05-06 |
| CVE-2013-5307 | Cross-site scripting (XSS) vulnerability in the Faceted Search (ke_search) extension before 1.4.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | [email protected] | 4.3 | 0.52% | 2013-08-16 | 2026-04-29 |
| CVE-2013-5302 | SQL injection vulnerability in the Faceted Search (ke_search) extension before 1.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | [email protected] | 7.5 | 0.71% | 2013-08-16 | 2026-04-29 |